Author Topic: routing specific /24 over ipsec  (Read 119 times)

Offline normtodd

routing specific /24 over ipsec
« on: March 04, 2018, 02:10:46 pm »
Hello -

I have a network of 2 pfsense routers in 2 locations.

Everything is connected over IPsec and working great, everything can ping everything and traffic flows and it's awesome.

pfsense1 is
pfsense2 is

Here is my challenge:

I have a /24 inside the pfsense1 network of

I need that specific /24 to ONLY route through the network of pfsense2, that is to say, the traffic from that /24 enters and exits from the WAN of pfsense2.

I have looked elsewhere and seen examples of how to do this using OpenVPN, where route statements can be used to direct traffic using the OpenVPN gateway.

Unfortunately, I do not see an IPsec gateway declared in my setup, so I cannot do that despite the fact that everything is working (and has been working well) for many months.

Any guidance would be greatly appreciated, and I am standing by to upload any configs from any router.

All the best

Offline Derelict

Re: routing specific /24 over ipsec
« Reply #1 on: March 04, 2018, 10:53:42 pm »
That's because you cannot policy route IPsec like you can OpenVPN.

You might be able to use a phase 2 of <-> with the reciprocal on the other side, but OpenVPN is a lot more flexible in this regard.